Set up custom network ports (for HTTP and HTTPS)
Hello. I would like to expose my website by opening certain network ports. Why "certain", you may ask? Well, my ISP allows me to open ports only via PCP (Port Control Protocol), meaning I request to open a port for my internal service, and they will assign me some port. The usable port range is from port ~1500 to ~2000. This means I cannot use the default compatible network ports written down in Cloudflare's documentation (https://developers.cloudflare.com/fundamentals/reference/network-ports/).
I tried to set up an Origin Rule to change the port (it was a template). This would mean that all incoming traffic from clients would get re-routed to the destination port defined by me (my ISP, respectively). However, this could not work, as ALL the incoming traffic would go to that one port. I cannot specify that only HTTP traffic be re-routed to the port specified by me. Is there some other possibility to set up custom HTTP and HTTPS ports within Cloudflare?

17 Replies
This AI suggested using a reverse proxy and then specifying the port to the normalized 80/443. The issue doesn't lie in this part of the network. The issue lies in the router that the ISP gave me, and their PCP system. I already use a reverse proxy (Caddy) to get certificates on some subdomains within my domain.
Why can you not specify different ports for http/https using Origin rules? Also, +1 for tunnels.
I don't know how to match the 1st rule to only HTTP traffic and the 2nd rule to HTTPS traffic. Do I need to set a matcher for the SSL/HTTPS field and route traffic to the respective ports depending on the state of SSL/HTTPS?
So the 1st rule would have, if SSL/HTTPS is OFF (in the rule matcher), then route the traffic to port e.g. 1501, and the 2nd rule would have, if SSL/HTTPS is ON, then route the traffic to port e.g. 1502?
Regarding CF Tunnels, they are slow (in my region) compared to my download / upload speed.
I did have CF Tunnels set up (and still have on one of my websites) but the loading was slow and I'm planning to use it not only for a website but also for some web apps like Immich and other potentially bandwidth-hungry apps.
Yes, that's how you would do it.
So I've just created 2 PCP mappings in my router. Then I created 2 rules checking whether it is SSL/HTTPS traffic or not, to correctly forward traffic. Then I created a DNS rule for jellyfin.example.com pointing to my IP. I tried to go to jellyfin.example.com to check if it would be accessible but unfortunately, it is not.



Interestingly enough, my other DNS records still work and forward traffic. So clearly those origin rules didn't apply, apparently.
Of course, I double-checked if my Caddyfile is configured properly:

What happens when you try to open it?
Which error do you see?
Standard timeout. But from what I've found out using curl, it forwards the traffic to 443 instead of 1191. But this might be hidden behind Cloudflare's magic, I guess.

That looks like it isn't proxied
Should I proxy it? Because currently it is set to DNS only:

You'll be surprised to hear that, in DNS-Only mode, you can only use DNS.
LOL, my mistake. Turned it on and currently waiting for it to take effect. So far it is still forwarding me to :443.
So I'll wait for a bit and send an update.
HOLY SMOKES IT WORKED

Thank you a lot for your support including clues!
I think I can close this topic now.